<div>
    In places such as the project description, user description, view description, and build description,
    Jenkins allows users to enter free-form descriptive text.

    This configuration determines how such free-form text is converted to HTML. By default, Jenkins treats
    the text as HTML and uses it as-is, unmodified (this is the default mainly for backward compatibility).

    <p>
    While this is convenient, and people often use it to load &lt;iframe>, &lt;script>, and so on to
    mash up data from other sources, this capability enables malicious users to mount
    <a href="http://en.wikipedia.org/wiki/Cross-site_scripting">XSS attacks</a>.
    If the risk outweighs the benefit, install additional markup formatter plugins and use them.
    </p>
</div>
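To judge that trade-off on a running instance, the following script console audit reports the active formatter and lists descriptions that already contain the tags named above. It is an added example, not part of the Jenkins help text; the tag list and the per-job build limit are assumptions of the sketch.

```groovy
// Added audit sketch for the Jenkins script console; not Jenkins' own code.
import jenkins.model.Jenkins
import hudson.model.Job
import hudson.model.User

def jenkins = Jenkins.instance

// The formatter currently selected by this configuration.
println "Markup formatter: ${jenkins.markupFormatter.class.name}"

// Assumption: start with the two tags this page names; extend as needed.
def risky = ~/(?is)<\s*(script|iframe)\b/
// Assumption: bound the build scan so large instances stay responsive.
def maxBuildsPerJob = 50

def findings = []
def check = { String kind, String name, String text ->
    // Descriptions are null when never set.
    if (text && risky.matcher(text).find()) {
        findings << "${kind}: ${name}"
    }
}

// The four places this page lists: project, build, view and user descriptions.
jenkins.getAllItems(Job).each { job ->
    check('project', job.fullName, job.description)
    job.builds.limit(maxBuildsPerJob).each { build ->
        check('build', build.fullDisplayName, build.description)
    }
}
jenkins.views.each { view -> check('view', view.viewName, view.description) }
User.getAll().each { user -> check('user', user.id, user.description) }

findings.each { println it }
println "${findings.size()} description(s) contain <script> or <iframe>"
```

Descriptions it lists are the ones that will render differently after switching to a stricter formatter.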
